name: Build and deploy docker image

on:
  workflow_dispatch:
  push:
    # Pattern matched against refs/tags
    tags:
      - '*'           # Push events to every tag not containing /

jobs:

  build:
    # Run build on our self-hosted runner, we had trouble with shared runners
    runs-on: [self-hosted, linux, x64]
    steps:
    - uses: actions/checkout@v4
    - uses: Swatinem/rust-cache@v2
    - name: Get current tag
      id: vars
      run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
    - name: Build the Docker image
      env:
        RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
      run: |
        # Create build container
        docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
        docker buildx create --use

        # Authenticate on registries
        docker login --username generall --password ${{ secrets.DOCKERHUB_TOKEN }}
        docker login https://docker.pkg.github.com -u qdrant --password ${{ secrets.GITHUB_TOKEN }}

        # Build regular image for Docker Hub
        DOCKERHUB_TAG="qdrant/qdrant:${{ github.ref_name }}"
        DOCKERHUB_TAG_LATEST="qdrant/qdrant:latest"
        TAGS="-t ${DOCKERHUB_TAG} -t ${DOCKERHUB_TAG_LATEST}"
        GITHUB_TAG="docker.pkg.github.com/qdrant/qdrant/qdrant:${{ github.ref_name }}"

        # Pull, retag and push to GitHub packages
        docker buildx build --platform='linux/amd64,linux/arm64' --build-arg GIT_COMMIT_ID=${{ github.sha }} $TAGS --push --label "org.opencontainers.image.version"=$RELEASE_VERSION .
        docker pull $DOCKERHUB_TAG
        docker tag $DOCKERHUB_TAG $GITHUB_TAG
        docker push $GITHUB_TAG

        # Build unprivileged image for Docker Hub
        DOCKERHUB_TAG_UNPRIVILEGED="qdrant/qdrant:${{ github.ref_name }}-unprivileged"
        DOCKERHUB_TAG_LATEST_UNPRIVILEGED="qdrant/qdrant:latest-unprivileged"
        TAGS_UNPRIVILEGED="-t ${DOCKERHUB_TAG_UNPRIVILEGED} -t ${DOCKERHUB_TAG_LATEST_UNPRIVILEGED}"
        GITHUB_TAG_UNPRIVILEGED="docker.pkg.github.com/qdrant/qdrant/qdrant:${{ github.ref_name }}-unprivileged"

        # Pull, retag and push to GitHub packages
        docker buildx build --build-arg='USER_ID=1000' --platform='linux/amd64,linux/arm64' $TAGS_UNPRIVILEGED --push --label "org.opencontainers.image.version"=$RELEASE_VERSION .
        docker pull $DOCKERHUB_TAG_UNPRIVILEGED
        docker tag $DOCKERHUB_TAG_UNPRIVILEGED $GITHUB_TAG_UNPRIVILEGED
        docker push $GITHUB_TAG_UNPRIVILEGED
